Security Basics mailing list archives

Re: analyzing client / server traffic


From: James Washer <washer () trlp com>
Date: Fri, 4 Apr 2003 10:34:56 -0800

One trick I've used, which gives me a 'hint' of whether or not applications are really encrypting, or just some form of 
compression/encoding is to attempt to send a HUGE block of a single character..  say 10000 'a's or something like 
that..  doesn't always work... but sometimes I'll see a huge block of some repeating pattern in the data stream... 
which means no encryption.. Sort of a 'known plaintext attack'. From there, you can try different plaintext blocks.. 
and can sometimes figure out the encoding.

Not very scientific mind you... but occasionally useful

 - jim

On 3 Apr 2003 15:31:40 -0000
J J <j_joensuu () yahoo com> wrote:



Dear all, 

I have been sniffing at the communication between the client and the 
server part of a CRM-software that I support at work. Being that I at 
times get questions about the network security pertaining to this product, 
I wanted to see if it is possible to pinpoint where specific data such as 
login names, passwords (or software specific commands that an 
administrator can send from the client) are located within the packets 
sent by the client.

The product uses a proprietary protocol, and looking at the data with 
tools such as Ethereal and the Ufasoft Sniffer surely did not reveal 
anything in clear text. I did also try converting my username to hex and 
looking for that as well, but did not find anything.

So now I am at the situation where I do not know what to do next in order 
to further analyze the packets that I have captured (they are exported to 
a text and an .xml file). What sort of operations could one do with this 
sort of data? Or would it help to get a packet analyzer?

thanks for any advice,

JJ
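
An added example, not part of either post: a Python sketch of the repeated-character check described in the reply, applied to the payload bytes captured after sending the probe. The sample payloads, the XOR key 0x5C, the thresholds and all function names are constructed for illustration, and the hash-based keystream is only a stand-in for a real cipher.

```python
import base64, hashlib, math, zlib
from collections import Counter

PROBE = b"a" * 10000  # the single-character block from the post

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; close to 8.0 looks random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def shortest_period(data: bytes, max_period: int = 64, tolerance: float = 0.98):
    """Smallest p with data[i] == data[i+p] for nearly every i, else None."""
    for p in range(1, min(max_period, len(data) - 1) + 1):
        same = sum(a == b for a, b in zip(data, data[p:]))
        if same / (len(data) - p) >= tolerance:
            return p
    return None

def classify(probe_len: int, captured: bytes) -> str:
    """Rough verdict on the bytes seen on the wire after sending the probe."""
    if len(captured) < probe_len // 10:
        # Shrinkage shows compression in the path; it says nothing about encryption.
        return "compressed"
    period = shortest_period(captured)
    if period is not None:
        # Caveat: a block cipher in ECB mode also repeats, at its block size.
        return f"repeating(period={period})"
    return "no-pattern" if entropy(captured) > 7.5 else "unclear"

def keystream(n: int) -> bytes:
    """Deterministic pseudo-random bytes: a constructed stand-in for a cipher."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed payloads: what the probe could look like after each transform.
SAMPLES = {
    "base64": base64.b64encode(PROBE),
    "xor-0x5c": bytes(b ^ 0x5C for b in PROBE),
    "zlib": zlib.compress(PROBE),
    "cipher-stand-in": bytes(a ^ b for a, b in zip(PROBE, keystream(len(PROBE)))),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:16} len={len(blob):6} H={entropy(blob):.2f} {classify(len(PROBE), blob)}")
```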
